An out-of-bounds read in MyEID driver handling encryption using symmetric keys. An attacker with physical access to the computer running opensc and crafted USB device or smart card that would present the system with specially crafted responses to the APDUs so they are considered a high-complexity and low-severity. This issue is in the code handling symmetric keys, which are not widely used for example for desktop login so most of the deployments are not affected. https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1
Created opensc tracking bugs for this issue: Affects: fedora-all [bug 2248101]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:7879 https://access.redhat.com/errata/RHSA-2023:7879